Forum Discussion

Nimbostratus

Jun 16, 2015

Get SSL Handshake Alert Fatal 44 with certificate revoked

Hello, If APM refuses a certificate because it has been revoked, the SSL handshake is still accepted and the return code is an HTTP 200 OK to display the notification page. This is very user friendl...

application delivery

BIG-IP Access Policy Manager (APM)

Nimbostratus

Jun 24, 2015

Hi, when a certificate is revoked, RFC 5246 says that the error code must be "certificate_revoked(44)"

I had this irule from my local contact (put after auth by apm) and it's works fine :

    switch $ssl_version {
        "TLSv1.2" { set hex_version "0303" }
        "TLSv1.1" { set hex_version "0302" }
        "TLSv1.0" { set hex_version "0301" }
        default { reject; return }
    }

    set hex_response "15${hex_version}0002022C"
    set bin_response [binary format H* $hex_response]
    TCP::respond "$bin_response"
    TCP::close

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)